[hcs-d] "Massive" DNS Vulnerability - Is it really that bad?

Joshua Kroll jkroll at hcs.harvard.edu
Tue Jul 8 19:15:07 EDT 2008


Does anyone else think this is a little silly?

http://www.kb.cert.org/vuls/id/800113

We've known that DNS is vulnerable to spoofing for a long
time. Nothing has changed. There aren't even new attacks out there
(well, there are plenty of new DNS attacks, but they aren't this
heavy-handed). Wouldn't it be better to use a firewall that was clever
enough not to let 33,000 DNS packets through in only a few ms?

Maybe I'm just a DNS geek.

Josh
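
The firewall idea raised in the message above, sketched as detection logic over inbound DNS replies; this is an added example, not part of the original post. The record layout (timestamp in ms, resolver IP, question name, transaction ID), the thresholds, and every sample value are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


def find_reply_bursts(responses, window_ms=10.0, max_ids=8):
    """Flag (resolver, qname, first_ts) when more than max_ids distinct
    transaction IDs answer the same question within window_ms.

    A normal exchange has one ID per outstanding query (retransmissions
    repeat it); a reply flood that tries to guess the ID does not.
    """
    windows = defaultdict(deque)  # (resolver, qname) -> deque of (ts, txid)
    flagged = {}                  # (resolver, qname) -> ts of first packet in burst
    for ts, resolver, qname, txid in sorted(responses):
        key = (resolver, qname.lower())
        win = windows[key]
        win.append((ts, txid))
        # Slide the window: drop replies older than window_ms.
        while win and ts - win[0][0] > window_ms:
            win.popleft()
        if key not in flagged and len({t for _, t in win}) > max_ids:
            flagged[key] = win[0][0]
    return [(r, q, ts) for (r, q), ts in flagged.items()]


def constructed_sample():
    """Constructed traffic toward one resolver (documentation addresses)."""
    resolver = "192.0.2.53"
    normal = [
        (0.0, resolver, "www.example.com", 0x1A2B),
        (3.0, resolver, "www.example.com", 0x1A2B),   # retransmission, same ID
        (40.0, resolver, "mail.example.com", 0x77AA),
    ]
    # 200 replies for one name in 5 ms, each with a different ID.
    flood = [(100.0 + i * 0.025, resolver, "bank.example.net", i)
             for i in range(200)]
    return normal + flood


if __name__ == "__main__":
    for resolver, qname, ts in find_reply_bursts(constructed_sample()):
        print(f"burst toward {resolver} for {qname} starting at {ts} ms")
```
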

